CURL-CVE-2022-35252

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2022-35252.html

Import Source

https://curl.se/docs/CURL-CVE-2022-35252.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2022-35252

Aliases

CVE-2022-35252

Published

2022-08-31T08:00:00Z

Modified

2024-01-25T02:42:51.132978Z

Summary

control code in cookie denial of service

Details

When curl retrieves and parses cookies from an HTTP(S) server, it accepts cookies using control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response. Effectively allowing a "sister site" to deny service to siblings.

References

Credits

- Axel Chong - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

4.9

Fixed

7.85.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

ae1912cb0d494b48d514d937826c9fe83ec96c4d

Fixed

8dfc93e573ca740544a2d79ebb0ed786592c65c3

Affected versions

4.*

4.10

4.9

5.*

5.0

5.10

5.11

5.2

5.2.1

5.3

5.4

5.5

5.5.1

5.7

5.7.1

5.8

5.9

5.9.1

6.*

6.0

6.1

6.2

6.3

6.3.1

6.4

6.5

6.5.1

6.5.2

7.*

7.1

7.1.1

7.10

7.10.1

7.10.2

7.10.3

7.10.4

7.10.5

7.10.6

7.10.7

7.10.8

7.11.0

7.11.1

7.11.2

7.12.0

7.12.1

7.12.2

7.12.3

7.13.0

7.13.1

7.13.2

7.14.0

7.14.1

7.15.0

7.15.1

7.15.2

7.15.3

7.15.4

7.15.5

7.16.0

7.16.1

7.16.2

7.16.3

7.16.4

7.17.0

7.17.1

7.18.0

7.18.1

7.18.2

7.19.0

7.19.1

7.19.2

7.19.3

7.19.4

7.19.5

7.19.6

7.19.7

7.2

7.2.1

7.20.0

7.20.1

7.21.0

7.21.1

7.21.2

7.21.3

7.21.4

7.21.5

7.21.6

7.21.7

7.22.0

7.23.0

7.23.1

7.24.0

7.25.0

7.26.0

7.27.0

7.28.0

7.28.1

7.29.0

7.3

7.30.0

7.31.0

7.32.0

7.33.0

7.34.0

7.35.0

7.36.0

7.37.0

7.37.1

7.38.0

7.39.0

7.4

7.4.1

7.4.2

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.5

7.5.1

7.5.2

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.6

7.6.1

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.64.1

7.65.0

7.65.1

7.65.2

7.65.3

7.66.0

7.67.0

7.68.0

7.69.0

7.69.1

7.7

7.7.1

7.7.2

7.7.3

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.8

7.8.1

7.80.0

7.81.0

7.82.0

7.83.0

7.83.1

7.84.0

7.9

7.9.1

7.9.2

7.9.3

7.9.4

7.9.5

7.9.6

7.9.7

7.9.8